infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
30,328 Commits
7 Branches
556 Tags
419 MiB
Commit Graph

9412 Commits (9d430eb1d5e6431b9940a9d630750e40c44b4b59)

Author SHA1 Message Date
Brent Cook a2a1a90678
Land #4316, Meatballs1 streamlines payload execution for exploits/windows/local/wmi 
also fixes a typo bug in WMIC
 2015-01-16 11:16:22 -06:00
Brent Cook bc895ab4d1
Land #4582, jhart-r7's Apple Airport Authentication Avalanche 2015-01-15 14:07:18 -06:00
William Vu f0de45c371
Fix typo and add Subject support 2015-01-14 02:17:29 -06:00
Jon Hart 5cc7d5d1a8
Remove errant pry 2015-01-13 10:35:05 -08:00
Jon Hart 69f03f5c5d
Move ACPP default port into Rex 2015-01-12 19:43:57 -08:00
Jon Hart d5cdfe73ed
Big style cleanup 2015-01-12 19:11:14 -08:00
Jon Hart ec506af8ea
Make ACPP login work 2015-01-12 14:01:23 -08:00
Jon Hart e9557ffe58 Simplify module in prep for some authbrute cleanups 2015-01-12 13:08:12 -08:00
Jon Hart 691ed2cf14 More cleanup 
Don't validate checksums by default until they are better understood
Handle the unknowns a bit better
Make checksum failures more obvious why it failed
 2015-01-12 13:08:12 -08:00
Jon Hart 97f5cbdf08 Add initial Airport ACPP login scanner 2015-01-12 13:08:12 -08:00
Jon Hart fba6945e9a Doc payload oddness. Add more checksum tests 2015-01-12 13:08:12 -08:00
Jon Hart 54eab4ea3d Checksum validation, more tests 2015-01-12 13:08:12 -08:00
Jon Hart 7e4dd4e55b Add ACPP decoding capabilities 2015-01-12 13:08:12 -08:00
Jon Hart 2af82ac987 Some preliminary Apple Airport admin protocol (ACPP?) support 2015-01-12 13:08:11 -08:00
David Maloney 6dad66c04c
add Date header support to SMTP deliver 
the SMTP mixin now supports the Date header.
The user can supply a a value for the Date Header
or else it will automatically use the current local
DateTime. This will help alleviate certain issues
caused by servers setting this field for the cliebnt incorrectly

MSP-9390
 2015-01-12 11:18:07 -06:00
Jon Hart d8743ea32b
Land #4539, @Meatballs1's creds cmd now supports type filters, -R for search 2015-01-08 18:48:27 -08:00
Jon Hart 7c4b86ca4c
If an unsupported cred type is given to -t, show what is valid 2015-01-08 18:42:25 -08:00
Jon Hart e4cdac1440
Land #4559, @FireFart's fix for wordpress version detection (from wpscan) 2015-01-08 15:19:29 -08:00
Brent Cook fb5170e8b3
Land #2766, Meatballs1's refactoring of ExtAPI services 
- Many code duplications are eliminated from modules in favor of shared
   implementations in the framework.
 - Paths are properly quoted in shell operations and duplicate operations are
   squashed.
 - Various subtle bugs in error handling are fixed.
 - Error handling is simpler.
 - Windows services API is revised and modules are updated to use it.
 - various API docs added
 - railgun API constants are organized and readable now.
 2015-01-08 16:54:01 -06:00
Jon Hart ed74271c26
Land #4548, @dmaloney-r7's fix to allow loginscanners to work w/o a DB 2015-01-08 14:50:08 -08:00
Christian Mehlmauer 14b1d8dc5f
no space required 2015-01-08 23:43:06 +01:00
Jon Hart 98cee8249d
Move non-active DB messages to warning and clarify/simplify 2015-01-08 14:40:47 -08:00
Christian Mehlmauer f7eb9a6cf8
update wordpress version detection regex 2015-01-08 23:36:59 +01:00
sinn3r 50ecfbf64c
Land #4553 - Update bypass UAC to work on 7, 8, 8.1, and 2012 2015-01-08 16:19:55 -06:00
Brent Cook 05279ef02a consistently use double-quoted paths 
allow for variable expansion if needed
 2015-01-08 16:10:28 -06:00
Christian Mehlmauer a5b56c7d09
fix error 2015-01-08 19:48:29 +01:00
David Maloney fd7e65d459
derp just check db active 
the other way of doing this was stupid, jsut check if
the db is active
 2015-01-08 11:58:56 -06:00
Meatballs 8f720ef766
Use get_env in runas 2015-01-08 11:07:40 +00:00
OJ 844460dd87
Update bypass UAC to work on 8.1 and 2012 
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.

I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
 2015-01-08 15:39:19 +10:00
Samuel Huckins f0261a418c
Lands #4535, report_auth_info shoring up 2015-01-07 16:32:14 -06:00
David Maloney 001b6d913e
allows loginscanners to work without db 
created stub methods around the credential
creation methods modules would use from
Metasploit::Credential, they try to call the real ones
but rescue a NoMethodError that arises if framework is setup
without the db. it just prints a message to the console
telling the user the cred data will not be saved

MSP-10969
 2015-01-07 16:09:04 -06:00
Meatballs e6f53ebcbc
Remove duplicate rhosts 2015-01-07 22:04:01 +00:00
Meatballs dccd21a559
Resolve #3870, reinstance creds -R 2015-01-07 22:01:45 +00:00
James Lee da2e088118
Land #4536, Ruby 2.2 compat fixes 
Note that ActiveRecord 3.2.21 still has a similar warning that will
probably cause bugs, preventing full support for 2.2 until that's fixed.
 2015-01-07 15:33:23 -06:00
Meatballs e3e9a64064
Land #4543, Update john.conf with korelogic rules 2015-01-07 21:30:44 +00:00
Meatballs bdbb26ba31
Land #4540, resolves #4532, honour DB_ALL_* options 2015-01-07 21:12:23 +00:00
Meatballs 0b0ac1455a
Merge remote-tracking branch 'upstream/master' into extapi_service_post 
Conflicts:
	test/modules/post/test/services.rb
 2015-01-07 20:53:34 +00:00
David Maloney 4ad7021336
give user option to turn on KoreLogic rules 
the cracker modules in framework now have a datastore option
to allow the user to select the KoreLogicRules
 2015-01-07 12:32:26 -06:00
David Maloney 5d68d48ca5
Land #4385, fixes bruteforce_speed validator 
bruteforce_speed validator now accepts nil
 2015-01-07 12:09:25 -06:00
David Maloney 702511dbc5
respect DB_ALL_USERS & DB_ALL_PASS 
fix last few things in authbrute
and make the CredentialCollections understand the
additional seperate components

MSP-11986
 2015-01-07 11:41:41 -06:00
David Maloney 7ff2ba0725
first pass on fixing DB_ALL authbrute stuff 
DB_ALL_CREDS worked but DB_ALL_USER and DB_ALL_PASS
did not. working on fixing that.
This commit also does some nice DRY work in the auth_brute mixin

MSP-11986
 2015-01-07 11:30:39 -06:00
Meatballs aef8c702d7
Filter creds by type 2015-01-07 17:19:31 +00:00
dmooray 478505c17a ruby 2.2 compatibility 
https://bugs.ruby-lang.org/issues/10314
 2015-01-07 11:41:34 +02:00
sinn3r 609c490b3c I missed nobfu 2015-01-06 12:49:39 -06:00
sinn3r 2ed05869b8 Make Msf::Exploit::PDF follow the Ruby method naming convention 
Just changing method names.

It will actually also fix #4520
 2015-01-06 12:42:06 -06:00
William Vu 0bece137c1
Land #4494, Object.class.to_s fix 2015-01-06 02:27:35 -06:00
Meatballs dd5c638ab0
Merge remote-tracking branch 'upstream/master' into extapi_service_post 2015-01-05 22:18:44 +00:00
David Maloney fc91244252
insert deprecation error message 
report_auth_info will now issue an error message
stating that the method is deprecated along with the module name
that called it

MSP-11919
 2015-01-05 14:02:16 -06:00
David Maloney db8f260557
add some YARD docs to report_auth_info 
add yard docs for the modified report_auth_info

MSP-11919
 2015-01-05 13:58:25 -06:00
David Maloney 71d600e829
make report_auth_info create new creds and logins 
report_auth_info coerces old data into the new credential
types as best as it is able

MSP-11919
 2015-01-05 13:41:30 -06:00